{"id":"GO-2025-3926","summary":"Harness Allows Arbitrary File Write in Gitness LFS server in github.com/harness/gitness","details":"Harness Allows Arbitrary File Write in Gitness LFS server in github.com/harness/gitness","aliases":["CVE-2025-58158","GHSA-w469-hj2f-jpr5"],"modified":"2025-09-17T17:27:12.391486Z","published":"2025-09-17T17:03:38Z","database_specific":{"review_status":"REVIEWED","url":"https://pkg.go.dev/vuln/GO-2025-3926"},"references":[{"type":"ADVISORY","url":"https://github.com/harness/harness/security/advisories/GHSA-w469-hj2f-jpr5"},{"type":"WEB","url":"https://github.com/harness/harness/commit/21c5ce42ae13740b1cad47706c2ec85e72cc8c20"}],"affected":[{"package":{"name":"github.com/harness/gitness","ecosystem":"Go","purl":"pkg:golang/github.com/harness/gitness"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.0.4-gitspaces-beta.0.20250808064055-21c5ce42ae13"}]}],"ecosystem_specific":{"custom_ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"1.0.4"},{"fixed":"3.3.0"}]}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2025-3926.json"}}],"schema_version":"1.7.3"}